I’ve been using Home Assistant for about a year now. Needless to say, great potential!
One of the areas of friction for me has been remote access. Users currently have two options:
Go through a non-trivial and often brittle setup with port-forwarding, TLS tunneling, and dynamic DNS.
Use Nabu Casa Remote Access Cloud.
I think the latter is a completely reasonable way to make things simple for the end user and support the sustainability of the project.
However as the documentation states, there are a few quirks in the implementation that slightly contradict the core promise of user data privacy, because a cloud service sits in the middle of user data traffic. Although its encrypted end to end, there is a minimal risk of someone hacking into the server and mounting a man-in-the-middle attack.
So I’ve done some homework and I think I found a possible improvement. The gist of the proposed solution takes advantage of WebRTC DataChannel - a peer-to-peer communication API that has been long coming and finally all major browsers support.
Looks interesting. I wonder if people might pay less attention to this simply because they are already on the Nabu Casa road and feel like the fee is worth it. I’d still donate to HA even if this was implemented.
Are there any other benefits than eliminating man-in-the-middle? Any downsides?
I also think that the Home Assistant Cloud Fee is totally worth it. To me it’s no different than sponsoring the project’s future success.
The suggested solution is potential improvement to the current Nabu Casa implementation. It still requires a lightweight ephemeral signaling server, which I presume would be run by Nabu Casa with uptime SLA.
What the suggested approach solves is the need to be in the middle of user data flow. That reduces privacy concerns, lowers latency from UI to the Home Assistant device and also lowers the costs that Nabu Casa has to pay their cloud provider for pass-through traffic.
It also removes the need to create a cloud account. That can be an optional feature, created as needed for example to integrate with third party cloud services.
Downsides as far as I can tell are related to access vulnerability if users’ local network or UI devices are not well protected. Malicious access to someone’s UI device or local network of course invites all kinds of problems.
There may be other downsides that I haven’t figured out yet. Happy to discuss.